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Examiner 
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The MAILING DATE of this communication appears on the cover sheet with the correspondence address « 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )S Responsive to communication(s) filed on 29 March 2002 . 
2a)0 This action is FINAL. 2b)^ This action is non-final. 

3) 0 Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 1 1 , 453 O.G. 213. 
Disposition of Claims 

4) ^ Claim(s) 1-19 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-19 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10)0 The drawing(s) filed on is/are: a)D accepted or b)G objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
1 1 )G The proposed drawing correction filed on is: a)0 approved b)Q disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) 0 The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§ 119 and 120 

13) G Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a)OAII b)D Some*c)D None of: 

1 0 Certified copies of the priority documents have been received. 

2.0 Certified copies of the priority documents have been received in Application No. . 

3.0 Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) 0 Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) O The translation of the foreign language provisional application has been received. 

15) 0 Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 . 
Attachment(s) 

1 ) ^ Notice of References Cited (PTO-892) 4) O Interview Summary (PTO-41 3) Paper No(s). . 

2) D Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) O Notice of Informal Patent Application (PTO-152) 

3) O Information Disclosure Statement(s) (PTO-1449) Paper No(s) . 6) O Other: 



U.S. Patent and Trademark Office 
PTO-326 (Rev. 04-01). ' 



Office Action Summary 



Part of Paper No. 14 




Application/Control Number: 09/187,700 
Art Unit: 2132 



Page 2 



DETAILED ACTION 



Response to Amendment 



1 . This action is in response to the amendment filed 29 March 2002 that amended 
claims 1,8, 15, 18, and 19. 



2. Applicant's arguments with respect to claims 1-19 have been considered but are 
moot in view of the new ground(s) of rejection. 



3. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

4. Claim 7 is rejected under 35 U.S.C. 112, first paragraph, as containing subject 
matter which was not described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the inventor(s), at the time the application 
was filed, had possession of the claimed invention. Claim 7 dictates that the first 
password encrypts not only the encryption key, but also a second password. The 
encrypted second password is decrypted by the second password, which results in the 
first password. How exactly does this work, and where is it supported? 

5. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 



Response to Arguments 



Claim Rejections - 35 USC §112 
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6. Claims 18 and 19 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

7. Claim 18 recites the limitation "each unit storage area" in its first line. There is 
insufficient antecedent basis for this limitation in the claim. This claim has been treated 
as though the storage medium was described, in the preamble, as containing a plurality 
of at least one unit storage areas. 

8. Claim 19 recites the limitation "the encrypted key data" in its first line. There is 
insufficient antecedent basis for this limitation in the claim. There is an internal 
inconsistency in this claim, that being that, in the first clause of the claim, the 
aforementioned encrypted key data is said to be encrypted with different key data for 
each storage area, while in the second clause, the encrypted key data is decoded with a 
password. As such the claim has been treated as though the originally offending 
phrase read "encrypted data" and a clause was added saying that encrypted key data 
was read from the storage medium. 

Claim Rejections - 35 USC § 101 

9. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claim 15 is rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. The data on the storage medium in claim 15 
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do not cause a computer to act in a specific fashion, and as such do not compose a 
data structure. 

Claim Rejections - 35 USC § 103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

11. Claims 1,6-8, and 13-19 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ganesan (5748735) in view of Kaufman (6178508). 

Ganesan's fourth figure shows a symmetric key being generated in element 330. 
Subsequently, this key is encrypted. In element 390, the encrypted symmetric key and 
data encrypted with that symmetric key are stored. With the exception of the password 
stipulation, clause one is hereby rendered obvious. Clause two is anticipated by 
elements 390 and 380. Step 580 in figure 5 shows reading the encrypted symmetric 
key from a storage medium, meeting the limitations of the third clause. The next step, 
element 585, anticipates the non-password portion of clause four. Element 590 
anticipates clause five. 

In lines 27-31 of column 6, Ganesan stipulates that the encrypted file and 
encrypted key are stored on an associated memory device. This reads on generating a 
key for a storage area. As is apparent from the abstract, the intent of Ganesan is to 
provide storage for a multitude of files. The writing of the encrypted key to the memory 
device has already been described. 
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Ganesan says that the symmetric key is encrypted with a private key, not a 
password, although there are some functional similarities between the two: both should 
be known only by the holder, and both are often used for authentication. There are also 
several differences, such as the former being used in a public key cryptosystem and the 
latter, when acting as a key, being used in a symmetric key cryptosystem, as shown by 
Kaufman in lines 14-24 of column 6. Another difference is that passwords can generally 
be easily remembered while private keys practically require storage on a computer 
readable medium. Therefore it would have been obvious to a person of ordinary skill in 
the art at the time the invention was made to use a password as taught by Kaufman to 
encrypt the symmetric key in Ganesan. As is evident from Kaufman's exclusive-OR 
operation, this would conserve processing power. 

Claim 6 is covered by Kaufman's plurality of passwords and quorum needed to 
decrypt. See columns five and six. Repeated encryptions of a secret are well-known 
and thus claim 7 is anticipated. 

12. Claims 2 and 9 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ganesan and Kaufman as applied to claim 1 above, and further in view of Cruts et al. 
(4780905). 

Ganesan and Kaufman show a system in which a symmetric key is encrypted 
with a password and stored with data that the symmetric key has encrypted. The key 
and data are associated with the memory device in which they are stored. They do not 
say that the key is generated per the logic sector of the storage medium. In lines 46-48 
of column 2, Cruts et al. say that a decryption key is based on a formula that uses the 
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disc address of data. In lines 24 and 25 above, they say that this saves the user from 
needing to know and remember the encryption key. This is not to say that the 
encryption key is deleted (see abstract). Therefore it would have been obvious to a 
person of ordinary skill in the art at the time the invention was made to associate the 
keys in Ganesan with the memory device on which they were to be stored by forming 
them according to an algorithm based on the address of the data, thereby saving the 
user from needing to remember the encryption keys. 
13. Claims 3, 4, 10, and 11 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ganesan and Kaufman as applied to claim 1 above, and further in 
view of Schneier (Applied Cryptography). 

Ganesan and Kaufman show a system in which a symmetric key is encrypted 
with a password and stored with data that the symmetric key has encrypted. The key 
and data are associated with the memory device in which they are stored. They do not 
say that new symmetric keys are generated each time data is written to a spot in the 
memory device. On pages 6 and7, Schneier mentions the ciphertext-only attack, which 
relies on knowledge of multiple ciphertexts encrypted with the same encryption key. 
One obvious response to this is to use keys but once, which, depending on the 
algorithm, can verge on a one-time pad, which is a perfectly secret algorithm. Therefore 
it would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to generate new keys, as suggested by Schneier, every time datat 
is written to a memory device in Ganesan. 
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Neither Kaufman nor Ganesan say that the symmetric key is made by combining 
a predetermined number of pieces of random data. On page 173, Schneier says that 
good keys are random-bit strings generated by an automatic process. One way to 
achieve this is to generate the key from a reliably random source. This source reads on 
applicant's predetermined number of pieces of random data. Therefore it would have 
been obvious to a person of ordinary skill in the art at the time the invention was made 
to generate the symmetric key in Kaufman using random pieces of data as taught by 
Schneier in order to have a "good" key. 

14. Claim 5 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ganeson and Kaufman as applied to claim 1 above, and further in view of Blakley, III et 
al. (5677952). 

Ganesan and Kaufman show a system in which a symmetric key is encrypted 
with a password and stored with data that the symmetric key has encrypted. The key 
and data are associated with the memory device in which they are stored. They do not 
present a system by which passwords are changed. In lines 6-25 of column 7, Blakley, 
III et al. show a method of changing a password that consists of decrypting data with the 
old password and re-encrypting it with the new password. In Blakley, III et al., these two 
steps occur simultaneously. Therefore it would have been obvious to a person of 
ordinary skill in the art at the time the invention was made to change passwords in the 
system of Ganeson and Kaufman according to the method of Blakley, III et al., thereby 
letting users update their passwords. 
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Conclusion 



1 5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Angert (6324287), Lewis et al. (6233565), Eldridge et al. 
(6094721 and 6061799), and Ote et al. (6023506). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Douglas J. Meislahn whose telephone number is (703) 
305-1338. The examiner can normally be reached on between 9 AM and 6 PM, 
Monday through Thursday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (703) 305-1830. The fax phone 
numbers for the organization where this application or proceeding is assigned are (703) 
746-7239 for regular communications and (703) 746-7238 for After Final 
communications. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703) 305- 
3900. 




Douglas J. Meislahn 

Examiner 

Art Unit 2132 



June 14, 2002 



GILBERTO BARRON 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 




